Cisco is a long-time front-runner in delivering state-of-the-art firewalls for the broadest possible range of deployments. Cisco's Firepower NGFWs Firewalls represent a modern cybersecurity platform that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to threats automatically. Progent's Cisco-certified CCIE-certified firewall experts can help you to plan and carry out a smooth migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower appliances with Cisco's cloud-based services to create and centrally control IT ecosystems that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to maintain and debug older-generation Cisco security appliances. Progent's certified cybersecurity consultants can assist you with policy creation and tuning based on leading best practices so you can build a consistent cybersecurity profile that applies to all your networked endpoints at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls deliver a major performance improvement compared to Cisco's popular ASA 5500-X firewalls and include unified management and automation of modern cybersecurity capabilities like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For details about Cisco's Firepower portfolio of NGFWs Firewalls, refer to Firepower firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances offer integrated firewall, IPsec VPN, and IPS services in single-box devices, delivering a wide array of features to match the security and compliance requirements of companies from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls enable network security teams to protect their network edge and provide safe offsite and mobile connectivity while utilizing advanced administration mechanisms based on Cisco's world-class firewall products.
Cisco’s ASA 5500 and PIX firewall appliances have reached end-of-life but remain commonly used in small and mid-size organizations and in some enterprise data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. However, Cisco's legacy firewall appliances, if properly maintained, can offer a high degree of security by supplying a variety of services such as stateful firewall, VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole line of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier infrastructure engineers can help your organization to maintain and troubleshoot legacy ASA 5500 and PIX firewalls and can also assist you to plan and carry out an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, integrate, optimize, administer and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls includes an improved replacement for every rack-mountable unit in the older ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the identical market as the corresponding earlier models, which offers small and midsize businesses ample choice for picking a firewall that meets their security requirements and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud deployments.
For more details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA security appliances, see Cisco Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against multi-vector threats. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:
- Multi-layer defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, apps, and content to discover attacks that incorporate multiple vectors
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate both standard and custom IPS policies based on the degree of risk
Firepower Services for Cisco ASA 5500-X firewalls provide advanced multi-layered protection
Smaller implementations of ASA 5500-X firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X models. ASDM includes a convenient web console for configuring, managing, and debugging ASA 5500-X devices and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be administered with Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy management for Firepower firewall appliances
Cisco's Firepower Management Center provides features unavailable with Cisco's on-device Adaptive Security Device Manager utility. Additional features include greater context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a console that provides dynamic network infrastructure visualization, automated policy tuning driven by risk assessment of attacks, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco ASA Firewalls leverage engineering behind the PIX 500 Series Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and the VPN 3000 model concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall family to offer a platform that defends against the broadest variety of threats. Cisco Adaptive Security Appliances Firewalls provide program security, network containment, and clean VPN connectivity throughout the entire product portfolio. This broad scope of protection allows defense of any network segment, including the most typical attack vectors such as remote locations, locally-attached internal users, and off-site access Virtual Private Networks.
The expandable architecture of the ASA 5500 Series enables you to add features by installing security service modules and security service cards (SSCs). These user-installable options give you the ability to add IPS and content protection functions like blocking virus, spyware, and phishing attacks and performing file and web filtering. Beside allowing you to react quickly to new risk vectors, the extensible design of the Cisco ASA 5500 family also protects your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative team training by utilizing the rich library of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application protection via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a more secure environment including Web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to provide better policing of the programs and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ security enforcement technologies that include protocol anomaly sensing and application and protocol state tracking. Also included are assault sensing and remediation technology such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to police usage policies and conserve network bandwidth for vital business processes.
For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls configuration and troubleshooting consulting.
Based around a hardened, specialized software platform that delivers a wealth of security services, PIX firewall appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. Cisco PIX firewall appliances provide security for a wide range of Voice over IP and other multimedia standards including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to safeguard installations of a broad array of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX firewall appliances offer a variety of setup, tracking, and troubleshooting features, providing IT managers the versatility to use the techniques that best meet their needs. Administrative solutions include centralized, policy-based administration tools, integrated web-based management, and support for remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class Web-based management platform that significantly streamlines the deployment, in-place configuration, and tracking of a specific PIX security appliance without the need of any extra utility beyond a standard Web browser and Java plug-in to be running on a manager's computer.
IT managers can furthermore remotely configure, track, and troubleshoot PIX firewall appliances using a CLI interface. Safe command-line interface communication is possible through several methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX security appliances also include robust automatic-update features, a set of revolutionary protected remote-management options that make sure that firewall configurations and software images are kept up to date.
For additional information about Progent's support services for PIX 500 security appliances, go to PIX firewalls configuration and debugging consulting.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has ceased offering the PIX and ASA 5500 families of firewalls, many businesses are concerned about depending on a critical infrastructure component that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances offer the advantage of being new products and also offer a number of functions and economic advantages in comparison to PIX 500 firewalls. These benefits include substantially better performance, optional Secure Sockets Layer VPN capability, and an expandable architecture that protects your investment by allowing you to self-install more security services whenever you need them. Progent's Cisco network engineers can help you to determine the strategic value of for moving from PIX or Cisco ASA 5500 security appliances, design a migration plan that permits a fast and seamless upgrade, help your IT staff to configure new ASA 5500-x Series or Firepower NGFW Series appliances, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Assist You with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX security appliances provide an array of configuration, tracking, and troubleshooting options that give you the ability to configure these firewalls to align optimally with your business needs. Progent's CCIE certified network experts can help you to configure and support a cost-effective network infrastructure that incorporates Cisco security appliances and that offers world-class protection, fault tolerance, throughput, and manageability. Progent's GISA and CISM-premier information security experts can help your business to create a security policy that makes sense for your business and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation professionals can evaluate the strength of your current firewall solution and help determine the overall security of your entire IS environment. Progent’s Help Desk Call Center can provide urgent remote technical support for Cisco technology and offer quick access to a Cisco expert.
To find out more information concerning Progent's professional help for Cisco solutions, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about engineering assistance for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.